Utilrix

JWT Decoder

Decode a JSON Web Token and inspect its header, payload and signature.

ENCODED TOKEN

Processed 100% in your browser — nothing you enter here is ever uploaded.

Common use cases

Debugging a 401 Unauthorized error

Check whether an access token has already expired by comparing its exp claim against the current time.

Checking which scopes a token grants

Inspect the roles or scope claim embedded in an access token to see exactly what it's authorized to do.

Integrating with a new OAuth provider

Decode a sample token from an identity provider's docs to understand its claim structure before writing code against it.

How to use the JWT Decoder

Paste a JSON Web Token — it should look like three sections separated by dots.

The header and payload are decoded and pretty-printed instantly as you type.

The signature itself is shown but not verified — verifying a signature requires the secret or public key, which this tool never asks for.

Use this to quickly inspect claims like `exp`, `iat`, or `sub` during API debugging.

If the token has an `exp` claim, a status badge shows whether it's already expired or how long until it expires — no manual timestamp math needed.

Frequently asked questions

Related tools